(Boston- Jan. 29, 2019) Senator Cynthia Stone Creem (D-Newton) has filed a broad consumer data privacy protection bill which would give Massachusetts residents unprecedented control over their personal information held by currently-unregulated businesses. This legislation is part of a nationwide trend to fill in gaps in the United States’ patchwork of federal privacy laws. Following the implementation of the General Data Protection Regulation (GDPR) in Europe last May, California enacted the California Consumer Privacy Act in the summer of 2018. Similar legislation filed recently in other states is gaining momentum. For example, a bill in Washington State (SB.5376) has been endorsed by Microsoft.
“As consumers learn more about how big tech companies and data brokers are using their personal information, they are seeking more control,” said Senator Creem. “Unfortunately, under current laws, consumers have little power to access, delete or prevent the sale of their data.”
Under Senator Creem’s new bill, Massachusetts’ residents would be entitled to certain rights concerning the use of their data by businesses that either (1) have annual gross revenues in excess of $10,000,000 or (2) derive 50 percent or more of its annual revenues from third party disclosure of Massachusetts consumers’ personal information. Consumers would have rights to access, delete or transfer their data to another service. Covered businesses would also be required to provide notice to consumers up front about their practices and allow consumers to opt-out of the sale or sharing of their data with third parties.
This bill would empower the Attorney General to create regulations and enforce the new law. In addition, there would be a private right of action for aggrieved consumers. The bill exempts employers’ use of their employees’ information within the scope of their role as an employer and also exempts certain information that is already covered by Federal privacy laws.
Commentaires